operator: add support for RedpandaCloud provider

pvsune · pvsune · commit 2df607ccdfd5 · 2022-09-13T17:47:03.000+08:00
diff --git a/src/go/k8s/apis/redpanda/v1alpha1/console_enterprise_types.go b/src/go/k8s/apis/redpanda/v1alpha1/console_enterprise_types.go
@@ -26,6 +26,22 @@ type EnterpriseLogin struct {
 	JWTSecretRef SecretKeyRef `json:"jwtSecretRef"`
 
 	Google *EnterpriseLoginGoogle `json:"google,omitempty"`
+
+	RedpandaCloud *EnterpriseLoginRedpandaCloud `json:"redpandaCloud,omitempty"`
+}
+
+// EnterpriseLoginRedpandaCloud defines configurable fields for RedpandaCloud SSO provider
+type EnterpriseLoginRedpandaCloud struct {
+	Enabled bool `json:"enabled" yaml:"enabled"`
+
+	// Domain is the domain of the auth server
+	Domain string `json:"domain" yaml:"domain"`
+
+	// Audience is the domain where this auth is intended for
+	Audience string `json:"audience" yaml:"audience"`
+
+	// AllowedOrigins indicates if response is allowed from given origin
+	AllowedOrigins string `json:"allowedOrigins,omitempty" yaml:"allowedOrigins,omitempty"`
 }
 
 // IsGoogleLoginEnabled returns true if Google SSO provider is enabled
diff --git a/src/go/k8s/apis/redpanda/v1alpha1/zz_generated.deepcopy.go b/src/go/k8s/apis/redpanda/v1alpha1/zz_generated.deepcopy.go
diff --git a/src/go/k8s/config/crd/bases/redpanda.vectorized.io_consoles.yaml b/src/go/k8s/config/crd/bases/redpanda.vectorized.io_consoles.yaml
@@ -350,6 +350,28 @@ spec:
                     - name
                     - namespace
                     type: object
+                  redpandaCloud:
+                    description: EnterpriseLoginRedpandaCloud defines configurable
+                      fields for RedpandaCloud provider
+                    properties:
+                      allowedOrigins:
+                        description: AllowedOrigins indicates if response is allowed
+                          from given origin
+                        type: string
+                      audience:
+                        description: Audience is the domain where this auth is intended
+                          for
+                        type: string
+                      domain:
+                        description: Domain is the domain of the auth server
+                        type: string
+                      enabled:
+                        type: boolean
+                    required:
+                    - audience
+                    - domain
+                    - enabled
+                    type: object
                 required:
                 - enabled
                 - jwtSecretRef
diff --git a/src/go/k8s/pkg/console/configmap.go b/src/go/k8s/pkg/console/configmap.go
@@ -203,7 +203,14 @@ func (cm *ConfigMap) genLogin(ctx context.Context) (e EnterpriseLogin, err error
 		}
 		enterpriseLogin.JWTSecret = string(jwt)
 
-		switch { // nolint:gocritic // will support more providers
+		switch {
+		case provider.RedpandaCloud != nil:
+			enterpriseLogin.RedpandaCloud = &redpandav1alpha1.EnterpriseLoginRedpandaCloud{
+				Enabled:        provider.RedpandaCloud.Enabled,
+				Domain:         provider.RedpandaCloud.Domain,
+				Audience:       provider.RedpandaCloud.Audience,
+				AllowedOrigins: provider.RedpandaCloud.AllowedOrigins,
+			}
 		case provider.Google != nil:
 			cc := redpandav1alpha1.SecretKeyRef{
 				Namespace: provider.Google.ClientCredentialsRef.Namespace,
diff --git a/src/go/k8s/pkg/console/console.go b/src/go/k8s/pkg/console/console.go
@@ -14,6 +14,8 @@ import (
 	"github.com/cloudhut/common/rest"
 	"github.com/redpanda-data/console/backend/pkg/connect"
 	"github.com/redpanda-data/console/backend/pkg/kafka"
+
+	redpandav1alpha1 "github.com/redpanda-data/redpanda/src/go/k8s/apis/redpanda/v1alpha1"
 )
 
 const (
@@ -54,9 +56,10 @@ type EnterpriseRBAC struct {
 
 // EnterpriseLogin is the Console Enterprise Login config
 type EnterpriseLogin struct {
-	Enabled   bool                   `json:"enabled" yaml:"enabled"`
-	JWTSecret string                 `json:"jwtSecret,omitempty" yaml:"jwtSecret,omitempty"`
-	Google    *EnterpriseLoginGoogle `json:"google,omitempty" yaml:"google,omitempty"`
+	Enabled       bool                                           `json:"enabled" yaml:"enabled"`
+	JWTSecret     string                                         `json:"jwtSecret,omitempty" yaml:"jwtSecret,omitempty"`
+	Google        *EnterpriseLoginGoogle                         `json:"google,omitempty" yaml:"google,omitempty"`
+	RedpandaCloud *redpandav1alpha1.EnterpriseLoginRedpandaCloud `json:"redpandaCloud,omitempty" yaml:"redpandaCloud,omitempty"`
 }
 
 // EnterpriseLoginGoogle is the Console Enterprise Google SSO config
